Forgot your password?
typodupeerror
Security

Smart Meters and New IoT Devices Cause Serious Concern 95

Posted by Soulskill
from the your-smart-tinfoil-hat-won't-even-save-you dept.
dkatana writes: The ongoing deployment of internet-of-things devices is already creating serious issues and discussions about the privacy of users, IoT security, and the potential threat of cyber criminals taking control of sensors and smart devices connected to the Internet.

Security and privacy concerns associated with smart meters are why they are currently "optional" in several countries. That's the case in the Netherlands after consumer organizations and privacy watchdog groups campaigned vigorously to stop the mandatory smart meter deployment. A report from researchers at Tilburg University claimed that "smart meters have the capacity to reveal quite privacy-sensitive information, thus affecting not only informational privacy but also privacy of the home and of family life."
This now applies to televisions as well — an article in Salon discusses the author's new "smart" TV, which came with a 46-page privacy policy. Quoting: "It logs where, when, how and for how long you use the TV. It sets tracking cookies and beacons designed to detect 'when you have viewed particular content or a particular email message.' It records 'the apps you use, the websites you visit, and how you interact with content.' It ignores 'do-not-track' requests as a considered matter of policy. It also has a built-in camera — with facial recognition."
Facebook

Facebook Sets Up Shop On Tor 99

Posted by Soulskill
from the mixing-privacy-with-antiprivacy dept.
itwbennett writes: Assuming that people who use the anonymity network want to also use Facebook, the social network has made its site available on Tor, Facebook software engineer Alec Muffett said in a post on Friday. Facebook also decided to encrypt the connection between clients and its server with SSL, providing an SSL certificate for Facebook's onion address. This was done both for internal technical reasons and as a way for users to verify Facebook's ownership of the onion address. Since it is still an experiment, Facebook hopes to improve the service and said it would share lessons learned about scaling and deploying services via an onion address over time.
Security

Breaching Air-Gap Security With Radio 68

Posted by Soulskill
from the hitting-you-where-you-live dept.
An anonymous reader writes: Security researcher Mordechai Guri with the guidance of Prof. Yuval Elovici from the cyber security labs at Ben-Gurion University in Israel presented at MALCON 2014 a breakthrough method ("AirHopper") for leaking data from an isolated computer to a mobile phone without the presence of a network. In highly secure facilities the assumption today is that data can not leak outside of an isolated internal network. It is called air-gap security. AirHopper demonstrates how the computer display can be used for sending data from the air-gapped computer to a near by smartphone. The published paper and a demonstration video are at the link.
Google

Google To Disable Fallback To SSL 3.0 In Chrome 39 and Remove In Chrome 40 60

Posted by samzenpus
from the get-it-out dept.
An anonymous reader writes Google today announced plans to disable fallback to version 3 of the SSL protocol in Chrome 39, and remove SSL 3.0 completely in Chrome 40. The decision follows the company's disclosure of a serious security vulnerability in SSL 3.0 on October 14, the attack for which it dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE). Following Mozilla's decision on the same day to disable SSL 3.0 by default in Firefox 34, which will be released on November 25, Google has laid out its plans for Chrome. This was expected, given that Google Security Team's Bodo Möller stated at the time: "In the coming months, we hope to remove support for SSL 3.0 completely from our client products."
Security

Vulnerabilities Found (and Sought) In More Command-Line Tools 80

Posted by timothy
from the one-thing-at-a-time dept.
itwbennett writes The critical Shellshock vulnerabilities found last month in the Bash Unix shell have motivated security researchers to search for similar flaws in old, but widely used, command-line utilities. Two remote command execution vulnerabilities were patched this week in the popular wget download agent and tnftp client for Unix-like systems [also mentioned here]. This comes after a remote code execution vulnerability was found last week in a library used by strings, objdump, readelf and other command-line tools.
Businesses

Cutting the Cord? Time Warner Loses 184,000 TV Subscribers In One Quarter 381

Posted by timothy
from the jacked-up-my-bill-lately-too dept.
Mr D from 63 (3395377) writes Time Warner Cable's results have been buoyed recently by higher subscriber numbers for broadband Internet service. In the latest period, however, Time Warner Cable lost 184,000 overall residential customer relationships [Note: non-paywalled coverage at Bloomberg and Reuters]. The addition of 92,000 residential high-speed data customers was offset by 184,000 fewer residential video customers in the quarter. Triple play customers fell by 24,000, while residential voice additions were 14,000.
Security

Drupal Warns Users of Mass, Automated Attacks On Critical Flaw 70

Posted by timothy
from the big-targets-get-hit-first dept.
Trailrunner7 writes The maintainers of the Drupal content management system are warning users that any site owners who haven't patched a critical vulnerability in Drupal Core disclosed earlier this month should consider their sites to be compromised. The vulnerability, which became public on Oct. 15, is a SQL injection flaw in a Drupal module that's designed specifically to help prevent SQL injection attacks. Shortly after the disclosure of the vulnerability, attackers began exploiting it using automated attacks. One of the factors that makes this vulnerability so problematic is that it allows an attacker to compromise a target site without needing an account and there may be no trace of the attack afterward.
Security

Security Companies Team Up, Take Down Chinese Hacking Group 63

Posted by samzenpus
from the end-of-the-line dept.
daten writes A coalition of security companies has hit a sophisticated hacking group in China with a heavy blow. The effort is detailed in a report released today by Novetta. The coalition, which calls itself Operation SMN, detected and cleaned up malicious code on 43,000 computers worldwide that were targeted by Axiom, an incredibly sophisticated organization that has been stealing intellectual property for more than six years. The group united as part of Microsoft's Coordinated Malware Eradication (CME) campaign against Hikit (a.k.a. Hikiti), the custom malware often used by Axiom to burrow into organizations, exfiltrate data, and evade detection, sometimes for years.
The Almighty Buck

Apple Pay Competitor CurrentC Breached 263

Posted by samzenpus
from the raise-shields dept.
tranquilidad writes "As previously discussed on Slashdot, CurrentC is a consortium of merchants attempting to create a "more secure" payment system. Some controversy surrounds CurrentC's requirements regarding the personal information required, their purchase-tracking intentions and retail stores blocking NFC in apparent support of CurrentC. Now news breaks that CurrentC has already been breached. CurrentC has issued the standard response, "We take the security of our users' information extremely seriously."
Government

Hackers Breach White House Network 98

Posted by Soulskill
from the dozens-of-solitaire-games-compromised dept.
wiredmikey writes: The White House's unclassified computer network was recently breached by intruders, a U.S. official said Tuesday. While the White House has not said so, The Washington Post reported that the Russian government was thought to be behind the act. Several recent reports have linked Russia to cyber attacks, including a report from FireEye on Tuesday that linked Russia back to an espionage campaign dating back to 2007. Earlier this month, iSight Partners revealed that a threat group allegedly linked with the Russian government had been leveraging a Microsoft Windows zero-day vulnerability to target NATO, the European Union, and various private energy and telecommunications organizations in Europe. The group has been dubbed the "Sandworm Team" and it has been using weaponized PowerPoint files in its recent attacks. Trend Micro believes the Sandworm team also has their eyes set on compromising SCADA-based systems.
Unix

Dangerous Vulnerability Fixed In Wget 58

Posted by Soulskill
from the under-the-radar dept.
jones_supa writes: A critical flaw has been found and patched in the open source Wget file retrieval utility that is widely used on UNIX systems. The vulnerability is publicly identified as CVE-2014-4877. "It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP," developer Vasyl Kaigorodov writes in Red Hat Bugzilla. A malicious FTP server can stomp over your entire filesystem, tweets HD Moore, chief research officer at Rapid 7, who is the original reporter of the bug.
Privacy

Help a Journalist With An NFC Chip Implant Violate His Own Privacy and Security 139

Posted by Soulskill
from the what-could-possibly-go-wrong dept.
An anonymous reader writes: His wife thinks he's crazy, but this guy got an NFC chip implanted in his arm, where it will stay for at least a year. He's inviting everyone to come up with uses for it. Especially ones that violate his privacy and security. There must be something better to do than getting into the office or unlocking your work PC.

He says, "The chip we are using is the xNTi, an NFC type 2 NTAG216, which is about the size of a grain of rice and is manufactured by the Dutch semiconductor company NXP, maker of the NFC chip for the new iPhone. It is a glass transponder with an operating frequency of 13.56MHz, developed for mass-market applications such as retail, gaming and consumer electronics. ... The chip's storage capacity is pretty limited, the UID (unique identifier) is 7 bytes, while the read/write memory is 888 bytes. It can be secured with a 32-bit password and can be overwritten about 100,000 times, by which point the memory will be quite worn. Data transmission takes place at a baud rate of 106 kbit/s and the chip is readable up to 10 centimeters, though it is possible to boost that distance."
The Internet

Ask Slashdot: Unlimited Data Plan For Seniors? 170

Posted by timothy
from the goldarned-internet dept.
New submitter hejman08 writes with a question probably faced by many whose parents, grandparents, and other relatives rely on them for tech support and advice, specifically one about finding an appropriate data plan for his grandmother, of whom he writes: She is on her own plan through Verizon with 1GB of data, and she literally blows through it in three days or less every month, then complains about having nothing to do. They have Wi-Fi at her senior center, but only in specific rooms, and she has bad ankles and knees so she wants to stay home. Internet service would cost 80 a month to add where she lives. What I am wondering, is if any of the genius slashdotters out there know of a plan that- regardless of cost of phone, which we could manage as a gift to her, once- would allow her to have at least 300 minutes, 250 texts, and truly unlimited data (as in none of that Unlimited* stuff that is out there where they drop you to caveman speeds within a gig of usage), all for the price of less than say, 65 a month? The big 4 carriers don't seem to have anything that would work for her. What would you recommend? (I might start with a signal repeater in a utility closet, myself, or some clandestine CAT5 from a friendly neighbor's place.)
Microsoft

OEM Windows 7 License Sales End This Friday 240

Posted by timothy
from the new-old-stock-will-persist-a-while dept.
colinneagle writes This Friday is Halloween, but if you try to buy a PC with Windows 7 pre-loaded after that, you're going to get a rock instead of a treat. Microsoft will stop selling Windows 7 licenses to OEMs after this Friday and you will only be able to buy a machine with Windows 8.1. The good news is that business/enterprise customers will still be able to order PCs 'downgraded' to Windows 7 Professional. Microsoft has not set an end date for when it will cut off Windows 7 Professional to OEMs, but it will likely be a while. This all fits in with typical Microsoft timing. Microsoft usually pulls OEM supply of an OS a year after it removes it from retail. Microsoft cut off the retail supply of Windows 7 in October of last year, although some retailers still have some remaining stock left. If the analytics from Steam are any indicator, Windows 8 is slowly working its way into the American public, but mostly as a Windows XP replacement. Windows 7, both 32-bit and 64-bit, account for 59% of their user base. Windows 8 and 8.1 account for 28%, while XP has dwindled to 4%.
Upgrades

Alienware's Triangular Area-51 Re-Design With Tri-SLI GeForce GTX 980, Tested 137

Posted by timothy
from the where-are-you-priorities dept.
MojoKid writes Dell's Alienware division recently released a radical redesign of their Area-51 gaming desktop. With 45-degree angled front and rear face plates that are designed to direct control and IO up toward the user, in addition to better directing cool airflow in, while warm airflow is directed up and away from the rear of the chassis, this triangular-shaped machine grabs your attention right away. In testing and benchmarks, the Area-51's new design enables top-end performance with thermal and acoustic profiles that are fairly impressive versus most high-end gaming PC systems. The chassis design is also pretty clean, modular and easily servicable. Base system pricing isn't too bad, starting at $1699 with the ability to dial things way up to an 8-core Haswell-E chip and triple GPU graphics from NVIDIA and AMD. The test system reviewed at HotHardware was powered by a six-core Core i7-5930K chip and three GeForce GTX 980 cards in SLI. As expected, it ripped through the benchmarks, though the price as configured and tested is significantly higher.

An optimist believes we live in the best world possible; a pessimist fears this is true.

Working...